The protection of digital content transferred between computers is fundamentally important for many enterprises today. Enterprises attempt to secure this protection by implementing some form of Digital Rights Management (DRM) process. DRM refers to a range of techniques that are used to control access to copyrighted content and to enforce the terms and conditions on which the digital content is made available to users. Digital content can be software, music, video, news clip, game, image, or any other content distributed in digital form. Parts of software to implement DRM may run on a server controlled or trusted by the content provider while other parts of the software may be loaded into the user computer either separately or as a part of a platform that allows the user to download and use the content.
Many models have been devised to distribute digital content. In some instances, certain content can be obtained or licensed free. In these instances, the DRM process simply enforces the distribution of content to authorized computers without considering any financial objectives. In other instances, an a la carte download model is used where a user pays a one-time fee to download a particular content. Depending on the terms of use, the user is granted unlimited use, use for a certain period of time, or use for a certain number of times.
Yet, in other instances, a subscription model is used where the user is required to pay a periodic subscription fee. In these instances, as long as the subscription is up-to-date, the user can download an agreed upon (sometimes unlimited) number of content files. The user can also use the content (e.g., listen to a downloaded music track, watch a downloaded movie, play a downloaded game, etc.) as long as the subscription is up-to-date. Therefore, in order to protect the content provider's rights, the DRM process has to be able to determine the validity of subscription when a user wants to use the content.
As long as the user is online, the DRM process can check the validity of the subscription by comparing the expiration time and date of the subscription with the time and date obtained from a trusted source. Once the user goes offline, however, the task of ensuring the validity of the subscription becomes more difficult. When the user is offline, the DRM has to rely on the usually untrusted source of time on the user device. In many operating environments such as Apple Mac OS X® or Microsoft Windows®, a user can easily change the user device system clock. For instance, in order to defeat a DRM system that solely relies on the user device system clock, the user can buy subscription for a limited time, download content, and continue using the downloaded content offline by changing the system clock back to a date and time when the subscription was still valid. There is, therefore, a need in the art to determine whether a user's subscription is still valid without solely relying on the user device clock, especially in environments where the user is not always connected to a DRM enforcing device.